The Windows Push Notification Services (WNS) enables third-party developers to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to your users in a power-efficient and dependable way.

How it works

The following diagram shows the complete data flow involved in sending a push notification. It involves these steps:

Your app sends a request for a push notification channel to the Notification Client Platform.

The Notification Client Platform asks WNS to create a notification channel. This channel is returned to the calling device in the form of a Uniform Resource Identifier (URI).

The notification channel URI is returned by Windows to your app.

Your app sends the URI to your own cloud service. This callback mechanism is an interface between your own app and your own service. It is your responsibility to implement this callback with safe and secure web standards.

When your cloud service has an update to send, it notifies WNS using the channel URI. This is done by issuing an HTTP POST request, including the notification payload, over Secure Sockets Layer (SSL). This step requires authentication.

WNS receives the request and routes the notification to the appropriate device.

Registering your app and receiving the credentials for your cloud service

Before you can send notifications using WNS, your app must be registered with the Windows Store Dashboard. This will provide you with credentials for your app that your cloud service will use in authenticating with WNS. These credentials consist of a Package Security Identifier (SID) and a secret key. To perform this registration, go the the
Windows Dev Center and select Dashboard.

Each app has its own set of credentials for its cloud service. These credentials cannot be used to send notifications to any other app.

After the app has successfully created a channel URI, it sends it to its cloud service, together with any app-specific metadata that should be associated with this URI.

Important notes

We do not guarantee that the notification channel URI for an app will always remain the same. We advise that the app requests a new channel every time it runs and updates its service when the URI changes. The developer should never modify the channel URI and should consider it as a black-box string. At this time, channel URIs expire after 30 days. Apps that will periodically renew their channel in the background can follow the pattern demonstrated in the
Push and periodic notifications sample.

The interface between the Windows Store app and the cloud service is implemented by you, the developer. We recommend that the app go through an authentication process with its own service and transmit data over a secure protocol such as HTTPS.

It is important that the cloud service always ensures that the channel URI uses the domain "notify.windows.com". The service should never push notifications to a channel on any other domain. If the callback for your app is ever compromised, a malicious attacker could submit a channel URI to spoof WNS. Without inspecting the domain, your cloud service could be potentially disclose information to this attacker unknowingly.

If your cloud service attempts to deliver a notification to an expired channel, WNS will return
response code 410. In response to that code, your service should no longer attempt to send notifications to that URI.

Authenticating your cloud service

To send a notification, the cloud service must be authenticated through WNS. The first step in this process occurs when you register your app with the Windows Store Dashboard. During the registration process, your app is given a Package security identifier (SID) and a secret key. This information is used by your cloud service to authenticate with WNS.

The WNS authentication scheme is implemented using the client credentials profile from the
OAuth 2.0 protocol. The cloud service authenticates with WNS by providing its credentials (Package SID and secret key). In return, it receives an access token. This access token allows a cloud service to send a notification. The token is required with every notification request sent to the WNS.

At a high level, the information chain is as follows:

The cloud service sends its credentials to WNS over HTTPS following the OAuth 2.0 protocol. This authenticates the service with WNS.

WNS returns an access token if the authentication was successful. This access token is used in all subsequent notification requests until it expires.

In the authentication with WNS, the cloud service submits an HTTP request over Secure Sockets Layer (SSL). The parameters are supplied in the "application/x-www-for-urlencoded" format. Supply your Package SID in the "client_id" field and your secret key in the "client_secret" field. For syntax details, see the
access token request reference.

Note This is just an example, not cut-and-paste code that you can successfully use in your own code.

The WNS authenticates the cloud service and, if successful, sends a response of "200 OK". The access token is returned in the parameters included in the body of the HTTP response, using the "application/json" media type. After your service has received the access token, you are ready to send notifications.

Important notes

The OAuth 2.0 protocol supported in this procedure follows draft version V16.

The OAuth Request for Comments (RFC) uses the term "client" to refer to the cloud service.

There might be changes to this procedure when the OAuth draft is finalized.

The access token can be reused for multiple notification requests. This allows the cloud service to authenticate just once to send many notifications. However, when the access token expires, the cloud service must authenticate again to receive a new access token.

Sending a notification

Using the channel URI, the cloud service can send a notification whenever it has an update for the user.

The access token described above can be reused for multiple notification requests; the cloud server is not required to request a new access token for every notification. If the access token has expired, the notification request will return an error. We recommended that you do not try resending your notification more than once if the access token is rejected. If you encounter this error, you will need to request a new access token and resend the notification. For the exact error code, see
Push notification response codes.

The cloud service makes an HTTP POST to the channel URI. This request must be made over SSL and contains the necessary headers and the notification payload. The authorization header must include the acquired access token for authorization.

For details on composing the notification payload, see
Quickstart: Sending a push notification. The payload of a tile, toast, or badge push notification is supplied as XML content that adheres to their respective defined
schemas. The payload of a raw notification does not have a specified structure. It is strictly app-defined.

WNS responds to indicate that the notification has been received and will be delivered at the next available opportunity. However, WNS does not provide end-to-end confirmation that your notification has been received by the device or application.

The following image illustrates this data flow.

Important notes

WNS does not guarantee the reliability or latency of a notification.

Notifications should never include confidential or sensitive data.

To send a notification, the cloud service must first authenticate with WNS and receive an access token.

An access token allows a cloud service to send notifications to only the single app that the token was created for. One access token cannot be used to send notifications across multiple apps. Therefore, if your cloud service supports multiple apps, it must provide the correct access token for the app when pushing a notification to each channel URI.

When the device is offline, by default WNS will store up to five tile notifications (if queuing is enabled; otherwise, one tile notification) and one badge notification for each channel URI, and no raw notifications. This default caching behavior can be changed through the
X-WNS-Cache-Policy header. Note that toast notifications are never stored when the device is offline.

In scenarios where the notification content is personalized to the user, WNS recommends that the cloud service send those updates immediately when they are received. Examples of this scenario include social media feed updates, instant communication invitations, new message notification, or alerts. Alternatively, you can have scenarios where the same generic update is frequently delivered to a large subset of your users; for example, weather, stock, and news updates. WNS guidelines specify that the frequency of these updates should be at most one every 30 minutes. The end user or WNS may determine more frequent routine updates to be abusive.

Expiration of tile and badge notifications

By default, tile and badge notifications expire three days from the time they are downloaded. When a notification expires, the content is removed from the tile or queue and is no longer shown to the user. It is a best practice to set an expiration on all tile and badge notifications, using a time that makes sense for your app, to ensure that your tile's content does not persist longer than it is relevant. An explicit expiration time is essential for content with a defined lifespan. It also assures the removal of stale content if your cloud service stops sending notifications, or if the user disconnects from the network for an extended period of time.

Your cloud service can set an expiration for each notification by setting the X-WNS-Expires HTTP header to specify the time (in seconds) that your notification will remain valid after it is sent. For more information, see
Push notification service request and response headers.

For example, during a stock market's active trading day, you can set the expiration for a stock price update to twice that of your sending interval (such as one hour after receipt if you are sending notifications every half-hour). As another example, a news app might determine that one day is an appropriate expiration time for a daily news tile update.

Push notifications and battery saver

Battery saver extends battery life by limiting background activity on the device. Windows 10 and Windows Phone 8.1 lets the user set battery saver to turn on automatically when the battery drops below a specified threshold. When battery saver is on, the receipt of push notifications is disabled to save energy. But there are a couple exceptions to this. The following Windows 10 battery saver settings (found in the Settings app) allow your app to receive push notifications even when battery saver is on.

Allow push notifications from any app while in battery saver: This setting lets all apps receive push notifications while battery saver is on. Note that this setting applies only to Windows 10 for desktop editions (Home, Pro, and Enterprise).

Always allowed: This setting lets specific apps run in the background while battery saver is on - including receiving push notifications. This list is maintained manually by the user.

There is no way to check the state of these two settings, but you can check the state of battery saver. In Windows 10, use the
EnergySaverStatus property to check battery saver state. Your app can also use the
EnergySaverStatusChanged event to listen for changes to battery saver. In Windows Phone 8.1, use
PowerSavingModeEnabled to check battery saver state.

If your app depends heavily on push notifications, we recommend notifying users that they may not receive notifications while battery saver is on and to make it easy for them to adjust battery saver settings. Using the battery saver settings URI scheme in Windows 10, ms-settings:batterysaver-settings, you can provide a convenient link to the Settings app.

Tip When notifying the user about battery saver settings, we recommend providing a way to suppress the message in the future. For example, the dontAskMeAgainBox checkbox in the following example persists the user's preference in
LocalSettings.

Here's an example of how to check if battery saver is turned on in Windows 10. This example notifies the user and launches the Settings app to battery saver settings. The dontAskAgainSetting lets the user suppress the message if they don't want to be notified again.